Ransomware is a virus, and like any kind of cyber-virus, it can be spread both on purpose and inadvertently. Back in January, we discussed the kinds of ransomware that were making the rounds. But how is ransomware spread?
Spam – junk email – is the most common carrier of ransomware. Victims are often tricked into opening an e-mail attachment or clicking a disguised link. Infected email messages might appear to be a note from a friend or coworker, in which case the recipient might be more apt to open the attachment. In some cases, the email might come from a trusted institution (such as a bank) asking you to perform a routine task. Ransomware spreaders might even employ scare tactics such as pop-up warning messages that include a call to action. Once the user takes action, the virus installs itself on the system and begins encrypting files, or blocking access, or whatever else it was designed to do.
Ransomware may also be spread using software known as an exploit kit. These software packages work by identifying system vulnerabilities and exploiting them by installing ransomware. In this case, hackers will install code on a legitimate website that redirects computer users to a malicious site. “Exposure” to this site can sometimes automatically infect the user’s system. Unlike the spam method, sometimes this approach requires no additional actions from the victim. This is referred to as a “drive-by download” attack.
In recent years, one of the most prevalent exploit kits has been one named Angler. A study conducted by security software vendor Sophos showed that Angler is especially prolific and that thousands of new web pages running Angler are created every day. Angler uses HTML and JavaScript to identify aspects of the user’s system, which allows the hacker to choose from a variety of methods of infiltrating the victim’s computer. Angler is able to change its outward appearance and evade detection by all but the most up-to-date security software.
Both spam-carrying email and exploit kits are relatively easy to use, but they do require some level of technical proficiency. However, aspiring hackers with minimal computer skills can also get into the act. According to McAfee, there are ransomware-as-a-service offerings available, allowing just about anyone to conduct these types of attacks.
Never underestimate the determination of today’s hackers. They continually adapt and improve their skill sets and habitually share their knowledge among their kind.
For information on how Capital Business Systems can help you implement a secure network service to suit your business and your budget, please contact us.